Unrated severityCISA KEVNVD Advisory· Published Jul 14, 2020· Updated Oct 21, 2025

CVE-2020-6287

Description

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.

Affected products

SAP SE/SAP NetWeaver AS JAVA (LM Configuration Wizard)v5
Range: < 7.30

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/162085/SAP-JAVA-Configuration-Task-Execution.htmlmitrex_refsource_MISC
seclists.org/fulldisclosure/2021/Apr/6mitremailing-listx_refsource_FULLDISC
launchpad.support.sap.commitrex_refsource_MISC
wiki.scn.sap.com/wiki/pages/viewpage.actionmitrex_refsource_MISC
www.onapsis.com/recon-sap-cyber-security-vulnerabilitymitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.076
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000